PS4 Jailbreaking       Thread starter PSXHAX       Start date Oct 25, 2016 at 4:10 PM       35      
Status: Not open for further replies.
With confirmation that the PS4 4.01 Ksploit has been reported to Sony and is likely to be patched, PlayStation 4 developers have been researching the Chaitin Tech 4.01 PS4 jailbreak exploit's entry point in hopes of bringing Linux to Firmware 3.50 through 4.01, among other scene advancements. :hearteyes:

@Jeff and @B7U3 C50SS started a collaborative research post HERE, and since then @SpecterDev shared his thoughts thus far on his latest PS4 Development Blog article. :thumbup:

Check it out linked above, and to quote in part: "CVE-2016-1885 is not applicable to the PS4, Sony removed set_ldt after 1.76. Thanks to Red-EyeX32 for pointing this out."

PlayStation 4 developer @theorywrong tweeted the following SVN Commit r307941 via his Twitter, which according to @Akaike may be the email describing the Chaitin exploit and how to fix it, while @mcmrc1 posted HERE that he might have stumbled upon the GIT.

According to @Akaike in the Shoutbox the Chaitin Tech Lab exploit was intended to execute code via PS4 kernel mode in conjunction with fail0verflow Linux.

@SpecterDev also noted in the Shoutbox that SAMU handles PlayStation 4 encryption (saves, games, modules, firmware, etc.) and that the problem with SAMU is that although it can be used with kernel access to decrypt files, the keys are locked inside SAMU and thus far can't be extracted... meaning external decryption can't be done.

:stop: Keep in mind, folks, that the topic of this article / thread is to research the Chaitin Tech 4.01 PS4 jailbreak exploit's entry point, so much of what's theorized here may change or be corrected at any time.

Thanks to @toni1988 and everyone else I 'mentioned' above, along with several others I may have overlooked in the PSXHAX Shoutbox, and don't forget we have a dedicated Discord Server for PlayStation 4 development and other live discussions, headed up by @VultraAID and @Lucii! :beer::beer::beer:
Comments

Entry Point used by Chaitin Tech

Category: core
Module: kernel
Announced: 2016-10-25
Credits: Core Security, ahaha from Chaitin Tech
Affects: All supported versions of FreeBSD.

This vulnerability could cause the kernel to panic. In addition it is
possible to perform a local Denial of Service against the system by
unprivileged processes.

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:15.sysarch.asc

EDIT: https://www.mail-archive.com/[email protected]/msg132464.html

Thanks, @toni1988 on the shoutbox for this. Basically an email explaining what was patched and how.

As well as the CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1885 via Wololo, from his blog entry.

(Edit by @B7U3 C50SS)